I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click
Thread Tools, then click
Subscribe to this Thread. Make sure it is set to
Instant Notification, then click
Subscribe.
Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions.
Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.
Ewido Anti-Malware- Install Ewido Anti-Malware
- Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to
manually update Ewido
When you have finished updating,
EXIT Ewido.
Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download
Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
HijackThis!
Open Hijack This and click on Scan. Check the following entries
(make sure you do not miss any)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {7979C1A1-C0AC-46F4-AFD1-E430EBFDE131} - C:\Program Files (x86)\Outlook Express\horefozep.dll (file missing)
O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
O4 - HKLM\..\Run: [mmvece13] RUNDLL32.EXE w07029be.dll,n 001ece120000000a07029be
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.6.exe
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\fscaayv.dll (file missing)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\dicbccd.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\cktdll.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\wztdecod.dll (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\wfwfaxui.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\clmsnap.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\wgapi.dll (file missing)
Please remember to close all other windows, including browsers then click Fix checked.
File and Folder Deletions
Delete the following Files indicated in
RED and Folders indicated in
BLUE if they still exist.
winsock2.6.exe <<Find via Start>Search
Please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Behind the scriptline to execute field click the folder icon
and select alcanshorty.bfu
- Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "
Options..."
*Move the arrow down to "
Custom CleanUp!"
*Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
- Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click
OK
Press the
CleanUp! button to start the program. If prompted to reboot, click No.
Run
Ewido with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
- When the scan is complete click Recommended Action and change it to Quarantine
- Then click Apply all actions
Once finished, click the
Save report button, then click
Save Report As and save it to your desktop.
Online Scans
Perform an online scan with Internet Explorer with
Panda ActiveScan
**
click on "Free use ActiveScan" located on the top right hand corner- Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click Scan Now
- Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting
My Computer- If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually.
- At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.
In your next post please include:
- Ewido Log
- Panda Activescan Log
- A new Hijackthis! Log